iTunes Store wiretapping your music?

by Robert Daeley

Is the iTunes Store spying on you? While BoingBoing's Cory Doctorow is ready to head to Cupertino with torches and pitchforks, the usually more level-headed Rob Griffith at MacOSXHints.com reports on the new 6.0.2 iTunes Store -- apparently it's wiretapping your listening habits outside of the store:

As reported on boingboing and other sites, the new iTunes mini store, which appears directly below the song list area in the main iTunes window, spies on your listening habits. You are not told this is happening, but it's clear that it must be -- the store's selections change each time you listen to a new song. So at a minimum, artist and title information must be being sent to the music store, each and every time you listen to a new song. I don't know what other data may or may not be collected, but even just title and artist is enough to concern me.

Folks who know what they're doing grabbed a hold of tcpdump and determined what's actually being reported, as well as the fact that if you disable the Store, nothing is transmitted.

Whether you believe this is a nefarious thing or not for Apple to do, it does point out the need to pay attention before hitting OK for *any* software upgrades, whether you like the company or not.

As for me, I'll be disabling the Store until I decide to purchase something. And maybe dusting off a copy of mpg123. ;)

6 Comments

idji
2006-01-11 09:15:26

Aye!
Didn't Apple hire last year a top Web site design firm to redo the look of apple.com ?

jeremy4321
2006-01-11 10:53:36

Just4You
This is more personalization that they would like to do. In the regular music store, they have been beta testing a feature called just 4 you, which takes what you've bought from the music store in the past and recommends other songs or albums. The Just4You feature is along the lines of Amazon.com's personalization according to user searches and purchases.
In the case of the mini-store though, it is going beyond purchase history, it is using the information that it gathers from the machine itself. Whether or not this is kosher with users' privacy remains to be seen.

sporkstorms
2006-01-11 13:45:15

Email sent to privacy@apple
iTunes' privacy policy does not mention anything regarding this.
So, I've sent an email to Apple's privacy concerns address asking them what, if any information they store, how it is used, etc.

I'll post their response when I receive it.

sporkstorms
2006-01-11 13:50:11

Email sent to privacy@apple
By the way, this page: http://docs.info.apple.com/article.html?artnum=303066 says the following:

iTunes sends data about the song selected in your library to the iTunes Music Store to provide relevant recommendations. When the MiniStore is hidden, this data is not sent to the iTunes Music Store.

But nothing about if that information is stored, and what exactly the "data" they're sending is. As astute readers have already done, you can find out exactly what data is being sent, however Apple needs to (imo) tell you exactly what this is.

JulesLt
2006-01-11 14:48:49

Cory
I'm looking forward to getting my hacked Sony portable book thingy, so I can just read Cory's books on that without having to pay for them. Then we'll see if stay's so technolibertarian when his downloads aren't just adverts for hardbacks.

In the meantime, I suggest getting some perspective - it's a music recommendation system. Until the US government starts tracking people for listening to terrorist music, I'm not really going to worry. It's naughty that they make it difficult to turn off (non-resizable window, etc) but not actively evil.

I think most customers might actually like it (it's been a popular feature on p2p clients).

They are, after all, a company. If you don't like dealing with companies, there are plenty of alternatives.

since1968
2006-01-12 12:06:14

What about third parties?
Robert, thank you for picking this story up. Cory and Rob built on my original reporting.

With due respect, what I think you're missing in your take on it is that Apple actually sends a second HTTP request out after contacting the iTMS, and that GET request is to Omniture, a third party marketer. Whether the information is of concern is another matter (I've run ethereal and I have my own opinion), but it's pretty clear Apple could have headed off a lot of trouble by disclosing its policy in advance.

Sign up today to receive special discounts, product alerts, and news from O'Reilly.